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(54) Configurable cryptographic processing engine and method 



(57) A configurable cryptographic engine (1 00) pro- 
vides high performance cryptographic processing sup- 
port for symmetric combiner type cryptographic 
algorithms. As many as two independent cryptographic 
algorithms may be performed at the same time through 
the processes of background staging and algorithm 



multi-tasking. A 3-stage instruction pipeline, dynami- 
cally configurable cryptographic co-processor (550). 
and 32-bit RISC based architecture support high per- 
formance cryptographic processing performance on the 
order of 60 Mbps aggregate throughput. 
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Description 

Field of the Invention 

[0001] This invention relates in genera! to the field of 5 
secure cryptographic communications. 

Background of the Invention 

[0002] Trends in the communications market have 10 
clearly defined the need for security for both commercial 
and military markets. As communications systems 
become more sophisticated with complex communica- 
tion services and capabilities, it is important to keep 
information secure. One of the problems with secure is 
equipment is interoperability between existing and 
future communications products. As new products are 
introduced and expected to become part of a larger 
secure communications system, the need for integrating 
legacy and emerging technology becomes imperative. 20 
Another problem with modern communications equip- 
ment is that secure hardware implementations are com- 
monly difficult to design and expensive to manufacture. 
The manufacture of secure hardware often requires 
special semiconductor foundries which operate in an 25 
expensive, high security environment. Another problem 
with hardware implementations of secure communica- 
tions equipment is the difficulty in reconfiguring the 
hardware. Typical hardware implementations are diffi- 
cult to reconfigure and reprogram when equipment 30 
must perform various functional activities in a non- 
homogeneous communications environment. 
[0003] Communications equipment implemented with 
software, however, are typically not considered as 
secure as hardware implementations because of the 35 
accessibility of the software. A typical problem with soft- 
ware implementations is that concurrent processing of 
multiple programs results in performance loss due to 
program swapping in a secure operating system. 
[0004] Thus, what is needed are an improved crypto- 40 
graphic processing engine and method suitable for use 
in cryptographic systems. What is also needed are a 
cryptographic processing engine and method that pro- 
vides interoperability between existing and emerging 
communications technologies. What is also needed is a 45 
cryptographic processing engine that does not include 
cryptographic programs during manufacture and can be 
fabricated in commercial semiconductor foundries 
thereby reducing costs. What is also needed is a cryp- 
tographic engine and method which are configurable so 
and programmable and capable of performing various 
and changeable communications functions. What is fur- 
ther needed is a cryptographic engine and method 
which provide a high security software component with 
limited accessibility. What is also needed is a crypto- ss 
graphic engine and method which rapidly and securely 
switches programs and context for each data member 
processed. 



Brief Description of the Drawings 

[0005] The invention is pointed out with particularity in 
the appended claims. However, a more complete under- 
standing of the present invention may be derived by 
referring to the detailed description and claims when 
considered in connection with the figures, wherein like 
reference numbers refer to similar items throughout the 
figures, and: 

FIG. 1 illustrates a hardware block diagram of a 
configurable cryptographic engine (CCE) in accord- 
ance with a preferred embodiment of the present 
invention; 

FIG. 2 is a flow chart of a CCE setup and configura- 
tion procedure in accordance with a preferred 
embodiment of the present invention; 
FIG. 3 is a flow chart of a data unit processing pro- 
cedure in accordance with a preferred embodiment 
of the present invention. 

[0006] The exemplification set out herein illustrates a 
preferred embodiment of the invention in one form 
thereof, and such exemplification is not intended to be 
construed as limiting in any manner. 

Detailed Description of the Drawings 

[0007] The present invention provides, among other 
things, a configurable processing engine and method. 
The present invention also provides a cryptographic 
processing engine and method suitable for providing 
interoperability between existing and emerging commu- 
nications technology. The present invention also pro- 
vides a cryptographic processing engine suitable for 
manufacture in commercial semiconductor foundries 
thereby reducing manufacturing costs. The present 
invention also provides a cryptographic engine and 
method which is configurable, programmable, and 
capable of performing various and changeable commu- 
nications functions. The present invention also provides 
a cryptographic engine and method which provide a 
high security software component with limited accessi- 
bility. The present invention further provides a crypto- 
graphic engine and method which rapidly and securely 
switches programs and context for each data member 
processed. 

[0008] FIG. 1 illustrates a hardware block diagram of 
a configurable cryptographic engine (CCE) in accord- 
ance with a preferred embodiment of the present inven- 
tion. In the preferred embodiment, CCE 100 includes 
microcode memories 200 & 202, control units 300 & 
301. execution units 500 & 501 . and check logic 150 & 
151. 

[0009] Microcode memories 200 & 202 are coupled to 
external controller 10, check logic 150 & 151, control 
units 300 & 301, and execution units 500 & 501 through 
interface and control bus 102. Microcode memories 200 
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& 202 are also coupled to control units 300 & 301 
through address and data bus 104. Each microcode 
memory may perform either as an "active" and 
"shadow" microcode memory element. 
[0010] Active and shadow are titles associated with 
selected elements of CCE 100 which are related to pro- 
cedures associated therewith. For example, when CCE 
100 is being setup and configured to perform an opera- 
tion, this procedure is performed in "background stag- 
ing" mode. Background staging is a mode where a 
setup and configuration procedure is performed which 
prepares CCE 100 to process data. Elements, such as 
memory, registers, and others, which are associated 
with background staging mode are titled "shadow" ele- 
ments. Elements which are titled shadow elements are 
determined preferably by external controller 10. Alterna- 
tively, an example of "active" mode elements is when 
shadow elements previously associated with the back- 
ground staging mode are currently being used in 
processing data. More specifically, elements titled 
shadow during a setup and configuration procedure are 
titled active when those same elements are used in 
processing data. Other examples of active and shadow 
elements are when microcode memory 200 is titled the 
shadow memory and microcode memory 202 is titled 
the active memory and vice versa. 
[001 1 ] Control units 300 & 301 are coupled to external 
controller 10. microcode memories 200 & 202, check 
logic 150 & 151 , and execution units 500 & 501 through 
interface and control bus 102. Control units 300 & 301 
are also coupled to execution units 500 & 501 through 
status and control bus 106 & 107, respectively. In the 
preferred embodiment control units 300 & 301 each 
contain microsequencer 302. In another embodiment, 
control units 300 & 301 also each contain control f inite 
state machine 304 (CFSM). In an embodiment having 
CFSM 304, CFSM 304 is comprised of hardware control 
logic and software which, among other things, monitors 
for alarms and provides high level control of microse- 
quencer 302. In the preferred embodiment, control unit 
300 and redundant control unit 301 each contain micro- 
sequencer 302 which provides software control of CCE 
100. Software control may also provide, for example, 
monitors for alarms, status and other types of opera- 
tions. Preferably, control units 300 & 301 each perform 
redundant functionality of the other. 
[0012] Execution units 500 & 501 are coupled to exter- 
nal controller 10, microcode memories 200 & 202, con- 
trol units 300 & 301 , and check logic 150 & 151 through 
interface and control bus 102. Execution units 500 & 
501 are also coupled to control units 300 & 301 through 
106 & 107, respectively. Execution units 500 & 501 are 
also coupled to external memory 12 through address 
and RAM bus 108. Furthermore, execution units 500 & 
501 are coupled to interface processor 14 through inter- 
face processor bus 112. In the preferred embodiment, 
execution units 500 & 501 each contain Arithmetic Logic 
Unit 502 (ALU), counter and register elements 503, and 



cryptographic co-processor 550 (CCO). In the preferred 
embodiment ALU 502, counter and register elements 
503, and CCO 550 are internally coupled through out- 
put bus 510. Preferably, execution units 500 & 501 each 
5 perform redundant functionality of the other. Addition- 
ally, the combination of microsequencer 302, ALU 502, 
and counter and register elements 503 function like a 
32-bit RISC processor. 

[0013] CCE 100 is a dynamically configurable crypto- 

10 graphic processing engine which, when conf igured, per- 
forms cryptographic operations on data units, e.g., Pre- 
formatted data packets of information. CCE 100 is setup 
and configured by external controller 10. Preferably, 
external controller 10 performs a setup and configura- 

is tion procedure for a channel program which prepares 
CCE 100 for processing data units. A channel program 
is characterized by a set of software program instruc- 
tions which perform, among other things, cryptographic 
operations on a data unit. A channel program is prefer- 

20 ably created by means external to the CCE. External 
controller 10 preferably provides external control when 
preparing CCE 100 for processing data units. A data 
unit is preferably stored in external memory 12 prior to 
processing. Following the processing of data units, a 

25 data unit is preferably written to external interface proc- 
essor 14. 

[0014] In the preferred embodiment, external control- 
ler 10 performs a setup and configuration procedure for 
a channel program. While performing this setup and 
30 configuration procedure, external controller 10 loads a 
channel program from external memory 12 into the 
shadow microcode memory, either memory 200 or 202. 
External controller 10 determines the microcode mem- 
ory to receive a channel program. In the preferred 
35 embodiment external controller 10 determines which 
microcode memory 200 or 202 is the shadow microc- 
ode memory to receive a channel program. 
[0015] External controller 10 provides control over 
control units 300 & 301 . Preferably, control unit 300 and 
40 redundant control unit 301 execute the same channel 
program from the active microcode memory. Control 
units 300 & 301 are comprised of functionally similar 
hardware and software although each control unit may 
contain hardware and software which is the logical com- 
45 plement of the other. A first check logic 150 examines 
outputs from control units 300 & 301 to provide an 
inspection of output values. In the preferred embodi- 
ment first check logic 1 50 provides an alarm to external 
controller 10 when control units 300 &301 produce con- 
so flicting output values. CCE 1 00 will also function without 
the redundant control unit and redundant execution unit. 
[0016] Among other things, control units 300 & 301 
each contain microsequencer 302. In the preferred 
errtoodiment microsequencer 302 contains a 3 -stage 
55 pipeline to perform, for example, fetch, execute, and 
write operations on the channel program instructions in 
microcode memory. During the fetch operation, micro- 
sequencer 302 retrieves the next channel program 
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instruction from active microcode memory. During the 
execute operation, for example, mlcrosequencer 302 
executes the previously retrieved channel program 
instruction. In the preferred embodiment, executing a 
channel program instruction may include, for example, 
loading channel program variables from external mem- 
ory 12 into execution units 500 & 501 (EUs) registers or 
providing processed output data to external interface 
processor 14. 

[0017] Preferably, EUs 500 & 501 provide crypto- 
graphic algorithm support for microsequencer 302. EUs 
500 & 501 are configurable elements which perform, 
among other things, cryptographic combiner type oper- 
ations on data units. Preferably, EUs 500 & 501 are pre- 
configured to perform cryptographic combiner type 
operations to support channel programs executed by 
associated microsequencer 302. EUs 500 & 501 are 
preferably pre-configured during a channel program 
setup and configuration process. 
[0018] Among other things, EUs 500 & 501 are each 
comprised of ALU 502, counter and register elements 
503, and CCO 550. Counter and register elements 503 
are preferably comprised of hardware including 
counters, general and dedicated purpose registers, shift 
registers, and active and shadow data unit address reg- 
isters. Each ALU 502 and counter and register elements 
503 combination perform, among other things, channel 
program instructions forwarded from microsequencer 
302, toad and store register operations, arithmetic and 
bit shift operations including, for example, a logical and 
of two 32-bit values and left and right bit shift opera- 
tions. In the preferred embodiment of the present inven- 
tion, active and shadow data unit address registers are 
read-only registers by CCE 100. In the preferred 
embodiment, active and shadow data unit address reg- 
isters contain an external memory 12 address of a data 
unit. Preferably, external controller 10 selects one data 
unit address register as the shadow register for EUs 
500 & 501. 

[0019] CCO 550 is preferably configured to perform 
combiner type cryptographic operations. CCO 550 is 
preferably controlled directly by the coupled ALU 502 
and counter and register elements 503 and indirectly by 
microsequencer 302 and instructions for a channel pro- 
gram performed by ALU 502, counter and register ele- 
ments 503, and microsequencer 302. In the preferred 
embodiment, CCO 550 includes, among other things, 
mode registers 552 & 553, state registers 554 & 555, 
variable registers 556 & 557, control register 558, status 
register 560, data in register 564, data out register 566, 
permuter configuration memories 574 & 575, permuter 
576. non-linear function unit (NLFU) configuration mem- 
ories 579 & 580, and NLFU 578. In cases where there 
are two of a register type, e.g., mode, state, variable, 
and data unit address, one of these register sets is titled 
the active register set and the other is the shadow reg- 
ister set Also, where there are two of a memory type, 
e.g., configuration memories for the permuter and con- 



figuration memories for the NLFU, one configuration 
memory for each is titled the active configuration mem- 
ory and the other is the shadow configuration memory 
As described above for active and shadow elements, 

s either register set or configuration memory may be titled 
active or shadow register set or configuration memory, 
respectively, as determined by external controller 10. As 
described below, CCO 550 registers and configuration 
memories are configured during a setup and conf igura- 

w tion process. Although the preferred embodiment is 
described as having one active and one shadow of each 
register set and configuration memory, there may be 
several shadow registers and configuration memories 
for non-active channel information. 

is [0020] In the preferred embodiment the mode register 
stores, among other things, data used in cryptographic 
combiner type operations performed by permuter 576 
and NLFU 578. Preferably, both active and shadow 
mode registers are 105-bit registers. Active and shadow 

20 state registers 554 & 555 preferably contain channel 
program state information of the channel program asso- 
ciated therewith. Channel program state is represented 
by data in the associated 224-bit state register. Active 
and shadow variable registers 556 & 557 preferably 

25 contain channel program variables for the channel pro- 
gram associated therewith. A channel program variable 
is represented by data in the associated 224-bit variable 
register. An example of a channel program variable may 
be a public key encryption key for encrypting plain-text 

30 data. 

[0021] In the preferred embodiment, control register 
558 preferably contains control data which determines, 
among other things, which elements (e.g., register sets, 
multiplexers, programmable logic, etc.) are active and 
35 which are shadow for CCO 550. In the preferred embod- 
iment, when microsequencer 302 loads control data into 
control register 558, CCO 550 is signaled to begin pre- 
configured processing. When processing is complete 
for pre-configured CCO 550, a status register flag is set 
40 which signals microsequencer 302 that CCO 550 is 
available for further processing. Status register 560 is 
preferably monitored by microsequencer 302 to deter- 
mine CCO 550 completion status. 
[0022] In the preferred embodiment, microsequencer 
45 302 loads data in register 564. Among other things, data 
in register 564 stores the next dword, e.g., a 32-bit ele- 
ment of a data unit, which is processed by CCO 550. 
When CCO 550 processing is complete for a dword, the 
processed dword is loaded into data out register 566. 
so [0023] Permuter 576 and NLFU 578 are comprised of 
hardware and software which are dynamically config- 
urable. When configured, permuter 576 and NLFU 578 
may perform cryptographic operations, e.g.. symmetric 
combiner type cryptographic algorithms. In the pre- 
ss f erred embodiment. 113 permuter elements are each 
comprised of a 6-bit control register which configures a 
3-stage multiplexer to select 1 of 64 input bits from the 
associated state register. A 1-bit output from each 113 
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permuter element is forwarded to NLFU 578. Each of 
the NLFU's 7 non-linear arrays is comprised of six 12:1, 
nine 6:1 , and seventeen 2:1 NLFUs. Each NLFU array is 
conprised of configurations of nonlinear function units 
which combine mode, variable, state, and data from a 
data unit to create a processed dword. In the preferred 
embodiment, a processed dword may represent, for 
exarrple, cipher-text, plain-text data, and key stream 
data. 

[0024] In the preferred embodiment. CCE 1 00 may be 
fabricated in a multi-chip module, custom cell design, 
gate anay, field programmable gate array, or other tech- 
nology providing approximately 1.8 million transistors. 
[00251 FIG. 2 is a flow chart of a CCE setup and con- 
figuration procedure in accordance with a preferred 
embodiment of the present invention. Procedure 600 is 
preferably performed by an external controller for. 
among other things, loading a channel program and 
hardware configuration information into CCE 100 (FIG. 
1). The instructions of the channel program and hard- 
ware configuration information are preferably loaded 
into CCE shadow elements. In the preferred embodi- 
ment procedure 600 is performed in a background 
staging mode for CCE 100 (FIG. 1). 
[0026] In task 602. a channel program is loaded into 
memory. In the preferred embodiment an external con- 
troller copies a channel program from an external mem- 
ory into shadow microcode memory. Permuter 
configuration data and NLFU configuration data are 
also copied from an external memory into shadow con- 
figuration memories and are considered part of the 
channel program. Preferably, permuter configuration 
data is copied into a shadow permuter configuration 
memory and NLFU configuration data is copied into a 
shadow NLFU configuration memory. An external con- 
troller determines which memories are in the shadow 
state. 

[0027] In task 604, configuration data is loaded into a 
mode register, multiplexer, and programmable logic of 
CCO 550 (FIG. 1). In the preferred embodiment an 
external controller copies the configuration data from an 
external memory. Configuration data is preferably cre- 
ated by means external to the CCE. Configuration data 
is characterized by data which configures hardware to 
perform symmetric combiner type cryptographic opera- 
tions on data units. Preferably, cryptographic operations 
* * are performed under control of the channel program in 
task 602. Configuration data is preferably comprised of 
mode, permuter, and NLFU data. Mode data is informa- 
tion used by a channel program in symmetric combiner 
type cryptographic operations in the NLFU. Mode data 
is preferably stored in the shadow mode register of CCO 
550 (FIG. 1 ). Permuter data is comprised of data for use 
in configuring a shadow multiplexer which selects state 
register output bits. Accordingly, the multiplexer controls 
data flow from the associated state register into the per- 
muter. NLFU data is comprised of data for use in config- 
uring shadow programmable logic. In the preferred 



embodiment programmable logic is a collection of 
NLFU arrays which perform operations on 14 dwords, 
e.g.. 7 dwords of state data and 7 dwords of variable 
data simultaneously. 

5 [0028] In task 606, a channel program context is 
loaded into a state register, variable register, and data 
unit address register of EUs 500 & 501 (FIG. 1). The 
channel program context is comprised of state and var- 
iable data associated with a channel program and 

70 address data associated with a data unit. 

[0029] State data represents a channel program state. 
In the preferred embodiment, state data may contain, 
for example, channel program data representing the 
current state of execution for a process such as encryp- 

is tion. Maintaining the state data allows a channel pro- 
gram to be resumed after being swapped from shadow 
registers and memories to active registers and memo- 
ries. Initial state data is preferably written to the shadow 
state register prior to channel program execution. 

20 [0030] Variable data represents a channel program 
variable. In the preferred embodiment, variable data 
may contain, for example, a cryptographic encryption 
key for use in performing cryptographic operations in 
CCO 550 (FIG. 1). Initial variable data is preferably writ- 

25 ten to the shadow variable register prior to channel pro- 
gram execution. 

[0031] Address data for a data unit represents the 
external memory address of a data unit associated 
therewith. The address references a data unit charac- 

30 terized by, among other things, a header and payload 
data. Preferably, the header contains two dwords which 
include, for example, a reference to a destination loca- 
tion. A destination location is an output location where 
processed dwords are written. Payload data contains, 

35 among other things, dwords to be processed by the 
channel program in task 602. In the preferred embodi- 
ment payload data size is between 1 and 4094 dwords 
although other sizes are suitable. The address for the 
data unit is preferably stored in the shadow data unit 

40 address register of counter and register elements 503 
(FIG. 1). 

[0032] FIG. 3 is a flow chart of a data unit processing 
procedure in accordance with a preferred embodiment 
of the present invention. Data units are preferably pre- 

45 formatted as discussed above. Data unit processing 
procedure 700 is preferably performed by CCE 100 
(FIG. 1) for, among other things, processing a data unit. 
Examples of processing a data unit are encryption of 
plain-text data, decryption of cipher-text data, process- 

so ing of in-band signaling required for bit, word, or frame 
formatting, detection of in-band signals, or instruction 
for operations such as receive over-the-air-rekey 
(OTAR) data. In the preferred embodiment, the active 
elements of procedure 700 were titled the shadow ele- 

55 ments in procedure 600 (FIG. 2). Also, in the preferred 
embodiment procedure 700 is performed concurrently 
with procedure 600. 

[0033] In task 702. the header of the data unit is proc- 
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essed. In the preferred embodiment, the microse- 
quencer of each control unit fetches and executes 
instructions of the same channel program from active 
microcode memory. The microsequencer also performs 
any write operations external to the CCE as a result of 
performing instructions. In the preferred embodiment 
instructions of the channel program direct the microse- 
quencer to copy the header of the data unit from exter- 
nal memory to a destination location. The destination 
location is preferably determined by information con- 
tained within the header of the data unit. In the preferred 
embodiment, the destination location is a storage loca- 
tion such as external memory or an external controller 
or processor. In another embodiment of the present 
invention, the destination location may be a "temporary" 
memory location in an external interface processor. 
[0034] In task 706, a portion of the payioad data is 
loaded into the data in register. In the preferred embod- 
iment, the payioad portion loaded into the data in regis- 
ter is one dword of the payioad data. Similar to task 702, 
the microsequencer fetches, executes, and writes data 
external to the CCE when performing instructions of the 
channel program. Preferably, the instructions of the 
channel program performed in task 706 load a dword 
into the data in register. 

[0035] In task 708. control data is written into the con- 
trol register. In the preferred embodiment, the microse- 
quencer determines the control data from instructions of 
the associated channel program. Among other things, 
control data provides information to the redundant exe- 
cution units which determines the active register set in 
each. After the control register is loaded with control 
data, the microsequencer signals the associated per- 
muter and NLFU to perform their pre-configured crypto- 
graphic operations. 

[0036] In task 710, a portion of payioad data is proc- 
essed. In the preferred embodiment, the processed 
payioad portion is one dword of the payioad data. The 
dword loaded into data in register 564 (FIG. 1) in task 
706 is processed by CCO 550 (FIG. 1). Preferably, the 
CCO is pre-configured by procedure 600 (FIG. 2) to per- 
form operations on the dword. After the CCO completes 
its operations, the processed dword is written to data 
out register 566 (FIG. 1). 

[0037] In task 712, a processing complete flag is set 
in the status register of CCO 550 (FIG. 1). In the pre- 
ferred embodiment, the microsequencer monitors the 
associated status register to determine when crypto- 
graphic operations are complete for the dword in task 
710. Since the microsequencer is both independent and 
in control of operations performed by the associated 
CCO, the microsequencer may perform other instruc- 
tions of the channel program while the associated CCO 
performs pre-configured operations. 
[0038] In task 714. a processed dword is written to 
output. In the preferred embodiment, when operations 
on a dword are complete, the processed dword is writ- 
ten to an output destination. Preferably, the output des- 



tination is specified in the header of the associated data 
unit. In another embodiment, the output destination may 
be implied by the channel program being executed. In 
the preferred embodiment, a header may specify, for 

5 example, that processed dwords be written to an exter- 
nal memory or interface processor. Preferably, second 
check logic 151 (FIG. 1) provides an alarm to external 
controller 10 (FIG. 1) when EUs 500 & 501 (FIG. 1) pro- 
duce conflicting output values. 

w [0039] In task 716, a check for additional dwords is 
performed. In the preferred embodiment, the microse- 
quencer determines the number of dwords in a data unit 
to process. Preferably, the microsequencer determines 
the number of dwords to process from payioad size 

15 information in the header of the data unit, if the microse- 
quencer determines other dwords require processing, 
task 706 is performed by the microsequencer. If the 
microsequencer determines no other dwords require 
processing, task 718 is performed by the microse- 

20 quencer. In task 718, the microsequencer signals the 
external controller that processing for a data unit is com- 
plete. In the preferred embodiment, the microsequencer 
signals the external controller by setting a "done" bit in 
the function register of associated counter and register 

25 elements 503 (FIG. 1). The function register is a dedi- 
cated purpose register in counter and register elements 
503 which, among other things, communicates status 
information between the redundant microsequencers 
and external controller. 

30 [0040] In task 720, tasks 702-718 are repeated for 
other data units. In the preferred embodiment the CCE 
performs procedure 700 on additional data units requir- 
ing the first channel program described above. Alterna- 
tively, a second channel program may be performed on 

35 a data unit, without destroying the first channel program 
instructions, program context and hardware configura- 
tion information. Because the CCE contains shadow 
and active elements, two separate channel programs, 
program contexts, and hardware configurations may be 

40 maintained by the CCE. Making use of background 
staging mode, the CCE may perform, among other 
things, high performance cryptographic processing 
operations for symmetric combiner type algorithms. 
[0041] Thus, an improved cryptographic processing 

45 engine and method have been shown. What has also 
been shown are a configurable, programmable crypto- 
graphic processing engine and method suitable for pro- 
viding interoperability between existing and emerging 
communications technology. What has also been 

so shown is a cryptographic processing engine suitable for 
manufacture in commercial semiconductor foundries 
thereby reducing manufacturing costs. What has further 
been shown are a cryptographic engine and method 
which are configurable, programmable, and capable of 

55 performing various and changing communications func- 
tions. Also shown are a cryptographic engine and 
method which provide a high security software compo- 
nent with limited accessibility. What has also been 
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shown are a cryptographic engine and method which 
rapidly and securely switches programs and context for 
each data member processed. 
[0042] Therefore, the present invention provides: 

5 

a configurable cryptographic engine characterized 
by: 

a first and second microcode memory for stonng 
respective first and second cryptographic pro- 
grams; 10 
a microsequencer for processing one of said cryp- 
tographic programs; and 

an execution unit having first and second registers 
for storing respectively, first and second context 
associated respectively with said first and second 15 
cryptographic programs, 

wherein said microsequencer configures said exe- 
cution unit in response to said first cryptographic 
program and said execution unit processes a first 
data unit in accordance with said first context and 20 
said first cryptographic program, and 
wherein said second cryptographic program is 
loaded into said second microcode memory and 
said second context is loaded into said second reg- 
isters during the processing of said f irst data unit for 25 
subsequently processing a second data by said 
execution unit. 

[0043] And wherein the microsequencer further con- 
figures said execution unit in response to said second 30 
cryptographic program and said execution unit proc- 
esses a second data unit in accordance with said sec- 
ond context 

[0044] And wherein the first and second microcode 
memories, a control unit and said execution unit are fab- ss 
ricated on a single semiconductor substrate. 
[0045] The present invention is further characterized 
by: 

a redundant control unit that includes a redundant 40 
microsequencer for processing said one crypto- 
graphic program; and 

a redundant execution unit having redundant first 
and second registers for storing respectively, said 
first and second context associated respectively 45 
with said first and second cryptographic programs, 
wherein said redundant microsequencer configures 
said redundant execution unit in response to said 
first cryptographic program, and said redundant 
execution unit processes said first data unit in so 
accordance with said f irst context 



[0046] 

by: 



The present invention is further characterized 



55 



a first control logic for comparing control unit output 
data of said control unit with output data of said 
redundant control unit; and 



a second control logic for comparing execution unit 
output data of said execution unit with execution 
unit output data of said redundant execution unit. 

[0047] Also, the first control logic has means for noti- 
fying an external host of discrepancies between said 
control unit output data of said control unit and said 
redundant control unit 

[0048] And. the second control logic has means for 
notifying an external host of discrepancies between said 
execution unit output data of said execution unit and 
said redundant execution unit 

[0049] And wherein the execution unit includes a cryp- 
tographic co-processor having said first and second 
registers contained therein, said cryptographic co-proc- 
essor for performing combiner-type cryptographic oper- 
ations on said first data unit 

[0050] The present invention also provides, in a con- 
figurable cryptographic engine comprised of first and 
second microcode memories, a microsequencer, an 
execution unit that includes a cryptographic co-proces- 
sor, a method for processing data units characterized by 
the steps of : 

loading a first cryptographic program into said first 
microcode memory; 

loading first configuration bits associated with said 
first cryptographic program into first registers asso- 
ciated with said execution unit- 
loading first context of said first cryptographic pro- 
gram into second registers associated with said 
cryptographic co-processor ; 
providing, by said microsequencer, first program 
parameters based on said first cryptographic pro- 
gram to said cryptographic co-processor for config- 
uring said cryptographic co-processor for an 
operation; and 

performing, by said cryptographic co-processor, as 
configured with said first program parameters, said 
operation on a first data unit, said operation deter- 
mined, at least in part, by said first cryptographic 
program and said first context. 

[0051] And wherein the loading steps are performed 
during the processing of a second data unit by said 
cryptographic co-processor in accordance with a sec- 
ond cryptographic program stored in said second 
microcode memory. 

[0052] And wherein second context associated with 
said second cryptographic program is stored in third 
registers associated with execution unit, and 

second configuration bits associated with said sec- 
ond cryptographic program are stored in fourth reg- 
isters associated with said execution unit, 
said second context and said second configuration 
bits being used by said second cryptographic pro- 
gram for processing said second data unit. 
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said second data unit being a prior data unit to said 
first data unit in a series of data units. 

[0053] And wherein the first cryptographic program is 
comprised of a set of instructions, and the method fur- 
ther characterized by the steps of: 

said microsequencer retrieving a first instruction 
from said set of instructions; 
said microsequencer providing said first program 
parameters based on said first instruction to said 
cryptographic co-processor to configure said cryp- 
tographic co-processor for said operation; and 
performing said operation on a first dword of said 
first data unit, said operation determined, at least in 
part, by said first instruction, said first cryptographic 
program, and said first context. 

[0054] The present invention is further characterized 
by the steps of: 

loading a third cryptographic program into said sec- 
ond microcode memory; 

loading third configuration bits associated with said 
third cryptographic program into said fourth regis- 
ters; 

loading third context associated with said third cryp- 
tographic program into said third registers; and 
processing a third data unit by said execution unit in 
accordance with said third context and configura- 
tion bits after the processing of said first data unit, 
the steps of loading said third cryptographic pro- 
gram, said third configuration bits, and said third 
context being performed during the processing of 
said first data unit 

[0055] The present invention is further characterized 
by the steps of. 

updating said first context in said second registers 
based on said operation performed on said first 
data unit; 

repeating the steps of providing, performing said 
operation and updating said first context for other 
instructions of said set of instructions; and 
for other words of said first data unit, repeating the 
• steps of retrieving, providing, performing said oper- 
ation and updating said first context to create an 
output data unit. 

[0056] And, the present invention is further character- 
ized by the step of loading an address of said first data 
unit into an address register, and reading said first data 
unit from a storage location indicated by said address. 
[0057] And wherein the configurable cryptographic 
engine is further characterized by a redundant microse- 
quencer and a redundant execution unit, the method 
further characterized by the steps of: 



providing redundant program parameters by said 
redundant microsequencer to said redundant exe- 
cution unit in accordance with said second crypto- 
graphic program; 
5 processing said first data unit in said redundant 
execution unit; 

comparing said redundant program parameters 
with said first program parameters; and 
notifying an external host of discrepancies between 
io said redundant program parameters and said first 
program parameters. 

[0058] The present invention also provides, in a con- 
figurable processing engine comprised of first and see- 
rs ond microcode memories, a microsequencer, and an 
execution unit, wherein said first microcode memory 
has a first program stored therein, a method for 
processing data units characterized by the steps of: 

20 said microsequencer providing first configuration 
bits to said execution unit based on said first pro- 
gram; 

said execution unit processing a first data unit 
based on said first configuration bits and first con- 
25 text associated with said first program, said first 
context being stored in a first context register asso- 
ciated with said execution unit; and 
loading a second program into said second microc- 
ode memory during the processing step. 

30 

[0059] The present invention is further characterized 
by the steps of: 

loading second context associated with said sec- 
35 ond program into a second context register associ- 
ated with said execution unit during the processing 
step; and 

said execution unit processing a second data unit 
based on said second context after the completion 
40 of the step of processing said first data unit 

[0060] The present invention is further characterized 
by the steps of: 

45 loading a third program into said first microcode 
memory; 

loading third context associated with said third pro- 
gram into said first context register; and 
said execution unit processing a third data unit 

so based on said third configuration bits and third con- 
text after the completion of the step of processing 
said second data unit, wherein 
the loading said third program and third context 
steps being performed during the step of process- 

55 ing said second data unit 

[0061] Also, the present invention provides a config- 
urable cryptographic processing engine characterized 
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by: 

a first control unit tor performing a first channel pro- 
gram wherein said first channel program operates 
on a first data unit said first control unit for perform- 
ing a second channel program wherein said second 
channel program operates on a second data unit, 
subsequent to performing said first channel pro- 
gram; 

a first memory for storing said first channel pro- 
gram; 

a second memory for storing said second channel 
program, said second channel program being 
loaded in the second memory during the perform- 
ance of said first channel program; and 
a first execution unit for performing operations on 
selected portions of said first data unit based on the 
first channel program, said first execution unit for 
performing operations on selected portions of said 
second data unit based on the second channel pro- 
gram, subsequent to performing operations on said 
first data unit. 

The present invention is further characterized by: 

a second control unit for performing said first chan- 
nel program, concurrently during the first control 
units' performance of the first channel program; and 
a control unit check logic comparing output values 
of the first and second control units, and providing 
an alarm signal when the output values conflict. 

[0062] And wherein the second control unit for per- 
forming said second channel program, concurrently 
during the first control units 1 performance of the second 
channel program. 

[0063] And wherein each first and second control unit 
is comprised of: 

a first microsequencer for performing fetch, exe- 
cute, and write operations of each said first and 
second channel program, sending control data and 
receiving status data from said first execution unit 

The present invention is further characterized by: 

• . a second execution unit for performing operations 
on selected portions of said first data unit, concur- 
rently during the first execution units' performance 
of operations on selected portions of said f irst data 
unit; and 

a execution unit check logic comparing output val- 
ues of the f irst and second execution units, and pro- 
viding an alarm signal when the output values 
conflict 

[0064] And wherein the second execution unit for per- 
forming operations on selected portions of said second 



data unit, concurrently during the first execution units' 
performance of operations on selected portions of said 
second data unit 

5 Claims 

1. A configurable cryptographic engine (100) charac- 
terized by: 

10 a first (200) and second (202) microcode mem- 

ory for storing respective first and second cryp- 
tographic programs; 

a microsequencer (302) for processing one of 
said first and second cryptographic programs; 
is and 

an execution unit (500) having first and second 
registers (554 & 555. 556 & 557. 503) for stor- 
ing respectively, first and second context asso- 
ciated respectively with said first and second 
cryptographic programs, 
wherein said microsequencer configures said 
execution unit in response to said first crypto- 
graphic program and said execution unit proc- 
esses a first data unit in accordance with said 
first context and said first cryptographic pro- 
gram, and 

wherein said second cryptographic program is 
loaded into said second microcode memory 
and said second context is loaded into said 
second registers during processing of said first 
data unit for subsequently processing a second 
data unit by said execution unit. 

A configurable cryptographic engine as claimed in 
claim 1 wherein said microsequencer further con- 
figures said execution unit in response to said sec- 
ond cryptographic program and said execution unit 
processes a second data unit in accordance with 
said second context, 

and wherein said first and second microcode 
memories, a control unit and said execution unit are 
fabricated on a single semiconductor substrate. 

A configurable cryptographic engine as claimed in 
claim 1 further characterized by: 

a redundant control unit that includes a redun- 
dant microsequencer for processing said first 
cryptographic program; 

a redundant execution unit having redundant 
first and second registers for storing respec- 
tively, said f irst and second context associated 
respectively with said first and second crypto- 
graphic programs, wherein said redundant 
55 microsequencer configures said redundant 

execution unit in response to said first crypto- 
graphic program, and said redundant execution 
unit processes said first data unit in accord - 
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ance with said first context; 
a first control logic for comparing control unit 
output data of a control unit with output data of 
said redundant control unit; and 
a second control logic for comparing execution s 
unit output data of said execution unit with exe- 
cution unit output data of said redundant exe- 
cution unit, 

and wherein said first control logic has a means 
for notifying an external host of discrepancies 10 
between said control unit output data of said 
control unit and said redundant control unit, 
and wherein said second control logic has 
means for notifying an external host of discrep- 
ancies between said execution unit output data is 
of said execution unit and said redundant exe- 
cution unit. 

In a configurable cryptographic engine (100) com- 
prised of first and second microcode memories 20 
(200, 202) , a microsequencer (302), an execution 
unit (500) that includes a cryptographic co-proces- 
sor (550), a method (600, 700) for processing data 
units characterized by the steps of: 

25 

(602) loading a first cryptographic program into 
said first microcode memory; 
(604) loading first configuration bits associated 
with said first cryptographic program into first 
registers associated with said execution unit; 30 
(606) loading first context of said first crypto- 
graphic program into second registers associ- 
ated with said cryptographic co-processor; 
(708) providing, by said microsequencer, first 
program parameters based on said first crypto- 35 
graphic program to said cryptographic co-proc- 
essor for configuring said cryptographic co- 
processor for an operation; and 
(710) performing, by said cryptographic co- 
processor, as configured with said first program 40 
parameters, said operation on a first data unit, 
said operation determined, at least in part, by 
said first cryptographic program and said first 
context. 

45 

A method as claimed in claim 4 wherein the loading 
steps are performed during the processing of a sec- 
ond data unit by said cryptographic co-processor in 
accordance with a second cryptographic program 
stored in said second microcode memory, so 

and wherein a second context associated 
with said second cryptographic program is stored in 
third registers associated with said execution unit, 
and 

55 

second configuration bits associated with said 
second cryptographic program are stored in 
fourth registers associated with said execution 



unit, 

said second context and said second configu- 
ration bits being used by said second crypto- 
graphic program for processing said second 
data unit 

said second data unit being a prior data unit to 
said first data unit in a series of data units. 

6. A method as claimed in claim 5 wherein said first 
cryptographic program is comprised of a set of 
instructions, the method further characterized by 
the steps of: 

said microsequencer retrieving a first instruc- 
tion from said set of instructions; 
said microsequencer providing said first pro- 
gram parameters based on said first instruction 
to said cryptographic co-processor to configure 
said cryptographic co-processor for said opera- 
tion; 

performing said operation on a first dword of 
said first data unit, said operation determined, 
at least in part, by said first instruction, said first 
cryptographic program, and said first context; 
loading a third cryptographic program into said 
second microcode memory; 
loading third configuration bits associated with 
said third cryptographic program into said 
fourth registers; 

loading third context associated with said third 
cryptographic program into said third registers; 
and 

processing a third data unit by said execution 
unit in accordance with said third context and 
configuration bits after the processing of said 
first data unit 

the steps of loading said third cryptographic 
program, said third configuration bits, and said 
third context being performed during the 
processing of said first data unit. 

7. In a configurable processing engine (100) com- 
prised of first and second microcode memories 
(200, 202) , a microsequencer (302) , and an exe- 
cution unit (500), wherein said first microcode 
memory (200) has a first program stored therein, a 
method (600, 700) for processing data units char- 
acterized by the steps of: 

(708) said microsequencer providing first con- 
figuration bits to said execution unit based on 
said first program; 

(71 0) said execution unit processing a first data 
unit based on said first configuration bits and 
first context associated with said first program, 
said first context being stored in a first context 
register associated with said execution unit; 
and 
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(602) loading a second program into said sec- 
ond microcode memory during the processing 
step. 

8. A method as claimed in claim 7 further character- s 
ized by the steps of: 

loading second context associated with said 
second program into a second context register 
associated with said execution unit during the 10 
processing step; 

said execution unit processing a second data 
unit based on said second context after the 
completion of the step of processing said first 
data unit; is 
loading a third program into said first microc- 
ode memory; 

loading third context associated with said third 
program into said first context register; and 
said execution unit processing a third data unit 20 
based on said third configuration bits and third 
context after the completion of the step of 
processing said second data unit, wherein 
the loading said third program and third context 
steps being performed during the step of 25 
processing said second data unit 

9- A configurable cryptographic processing engine 
(100) characterized by: 

30 

a first control unit (300) for performing a first 
channel program wherein said first channel 
program operates on a first data unit, said first 
control unit for performing a second channel 
program wherein said second channel program 35 
operates on a second data unit, subsequent to 
performing said first channel program; 
a first memory (200) for storing said first chan- 
nel program; 

a second memory (202) for storing said second 40 
channel program, said second channel pro- 
gram being loaded in the second memory dur- 
ing the performance of said first channel 
program; and 

a first execution unit (500) for performing oper- 45 
ations on selected portions of said first data 
unit based on the first channel program, said 
first execution unit for performing operations on 
selected portions of said second data unit 
based on the second channel program, subse- so 
quent to performing operations on said first 
data unit. 

10. A configurable cryptographic processing engine as 
in claim 9 further characterized by: ss 

a second control unit (301) for performing said 
first channel program, concurrently during the 



first control unit's performance of the first chan- 
nel program. 

said second control unit for performing said 
second channel program, concurrently during 
the first control unit's performance of the sec- 
ond channel program; 

a control unit check logic (150) comparing out- 
put values of the first and second control units, 
and providing an alarm signal when the output 
values conflict, 

and wherein each first and second control unit 
is comprised of: 

a first microsequencer (302) for performing 
fetch, execute, and write operations of each 
said first and second channel program, send- 
ing control data and receiving status data from 
said first execution unit; 
a second execution unit (501) tor performing 
operations on selected portions of said first 
data unit concurrently during the first execu- 
tion unit's performance of operations on 
selected portions of said first data unit; and 
a execution unit check logic (151) comparing 
output values of the first and second execution 
units, and providing an alarm signal when the 
output values conflict, 

and wherein said second execution unit for per- 
forming operations on selected portions of said 
second data unit, concurrently during the first 
execution unit's performance of operations on 
selected portions of said second data unit 
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